Method, authentication server, and electronic device for configuring a sharing target device for sharing data usage of the electronic device

ABSTRACT

Methods and electronic devices are provided for configuring a sharing target device. A method includes transmitting, to an authentication server associated with a mobile network operator for managing data usage, a device configuration request message for configuring the sharing target device to share a data usage amount assigned to the electronic device; receiving, from the authentication server, in response to the device configuration request message, an access code permitting access to the authentication server; and transmitting the received access code to the sharing target device, wherein the sharing target device receives, using the access code, a subscriber profile from the authentication server for sharing the data usage amount assigned to the electronic device.

PRIORITY

This application claims priority under 35 U.S.C. § 119(a) to KoreanPatent Application Serial No. 10-2017-0000387, which was filed in theKorean Intellectual Property Office on Jan. 2, 2017, the entire contentof which is incorporated herein by reference.

BACKGROUND 1. Field of the Disclosure

The present disclosure relates generally to a method and an electronicdevice for configuring a sharing target device with which data usage isshared.

2. Description of the Related Art

A data sharing service or data tech service allows a data usage amountprovided by a mobile network operator (MNO) to a first electronic deviceto be shared with a second electronic device, i.e., a sharing targetdevice.

For example, a user purchasing an expensive handset at a discount ratemay be locked in a service plan requiring excessive data usage for along period of time. The user may wish to share some of the excessivedata usage with family members or friends.

As another example, the user (such as a parent) may wish to provideshare the data usage with a child who has exhausted the data usageassigned to their electronic device.

In addition, if a user has multiple electronic devices, the user maywish to share data usage among the multiple electronic devices.

To share data usage with a sharing target device, the user of theelectronic device may have to visit an agent of the MNO in person. Afterauthenticating the user, the agent installs a data sharing universalsubscriber identity module (USIM) in the sharing target device. The usercan then share the data usage of the electronic device with the sharingtarget device.

However, the user may be inconvenienced by having to visit the agent ofthe MNO in person. For example, the user may have to visit the MNO'sagent whenever the sharing target device is to be configured orreplaced.

SUMMARY

The present disclosure has been made to address at least the abovementioned problems and/or disadvantages and to provide at least theadvantages described below.

Accordingly, an aspect of the present disclosure is to provide anelectronic device and method that allow a user to configure or replace asharing target device without visiting an offline agent.

Another aspect of the present disclosure is to provide an electronicdevice and method that allow a user of the electronic device to monitordata utilization of a sharing target device, which shares the data usageof the electronic device.

Another aspect of the present disclosure is provide an electronic deviceand method that allow a user to readily recognize whether data usage ofa sharing target device is manipulated or an application related theretois deleted.

In accordance with an aspect of the present disclosure, a method isprovided for an electronic device to configure a sharing target devicefor data sharing. The method includes transmitting, to an authenticationserver associated with a mobile network operator for managing datausage, a device configuration request message for configuring thesharing target device to share a data usage amount assigned to theelectronic device; receiving, from the authentication server, inresponse to the device configuration request message, an access codepermitting access to the authentication server; and transmitting thereceived access code to the sharing target device. The sharing targetdevice receives, using the access code, a subscriber profile from theauthentication server for sharing the data usage amount assigned to theelectronic device.

In accordance with another aspect of the present disclosure, a method isprovided for a sharing target device, which shares a data usage amountof an electronic device, to receive a mobile communication service. Themethod includes receiving an access code, which permits access to anauthentication server associated with a mobile network operator managingdata usage, from the electronic device or the authentication server;transmitting the received access code to the authentication server;receiving, based on the access code, a subscriber profile from theauthentication server; storing the received subscriber profile in aprofile storage module; and sharing, based on the stored subscriberprofile, the data usage amount assigned to the electronic device.

In accordance with another aspect of the present disclosure, a method isprovided for a sharing target device, which shares a data usage amountof an electronic device, to receive a mobile communication service. Themethod includes transmitting, to an authentication server associatedwith a mobile network operator for managing data usage, a deviceconfiguration request message for configuring the sharing target deviceto share the data usage amount assigned to the electronic device;receiving, when authentication of the sharing target device is performedbetween the electronic device and the authentication server based on thedevice configuration request message, a subscriber profile from theauthentication server; storing the received subscriber profile in aprofile storage module; and sharing, based on the stored subscriberprofile, the data usage amount assigned to the electronic device.

In accordance with another aspect of the present disclosure, a method isprovided for an authentication server associated with a mobile networkoperator to provide a subscriber profile. The method includes receiving,from an electronic device or a sharing target device, a deviceconfiguration request message for configuring the sharing target deviceto share a data usage amount assigned to the electronic device;transmitting, in response to the device configuration request message,an access code, which permits the sharing target device to access theauthentication server, to the electronic device or the sharing targetdevice; receiving the access code from the sharing target device; andtransmitting, in response to the received access code, the subscriberprofile to the sharing target device.

In accordance with another aspect of the present disclosure, a method isprovided for an authentication server associated with a mobile networkoperator to provide a subscriber profile. The method includes receiving,from a sharing target device, a device configuration request message forconfiguring the sharing target device to share a data usage amountassigned to an electronic device; transmitting, in response to thedevice configuration request message, a device configurationverification request message for confirming configuration of the sharingtarget device to the electronic device; receiving, when theconfiguration of the sharing target device is verified by the electronicdevice based on the device configuration verification request message, adevice configuration verification confirmation message from theelectronic device; and transmitting, in response to the received deviceconfiguration verification confirmation message, the subscriber profileto the sharing target device.

In accordance with another aspect of the present disclosure, anelectronic device is provided for sharing a data usage amount with asharing target device. The electronic device includes a processor; atransceiver configured to communicate with an authentication serverassociated with a mobile network operator for managing data usage; and amemory, which stores instructions, which when executed, instruct theprocessor to transmit, to the authentication server through thetransceiver, a device configuration request message for configuring thesharing target device to share the data usage amount assigned to theelectronic device; receive, from the authentication server through thetransceiver, in response to the device configuration request message, anaccess code permitting access to the authentication server; and transmitthe received access code to the sharing target device through thetransceiver, wherein the sharing target device, using the access code,receives a subscriber profile from the authentication server for sharingthe data usage amount assigned to the electronic device.

In accordance with another aspect of the present disclosure, a sharingtarget device is provided, which shares a data usage amount assigned toan electronic device. The sharing target device includes a processor; atransceiver configured to communicate with the electronic device and anauthentication server associated with a mobile network operator formanaging data usage; a profile storage module configured to store asubscriber profile; and a memory that stores instructions, which whenexecuted, instruct the processor to receive, from the electronic deviceor the authentication server through the transceiver, an access codepermitting access to the authentication server; transmit the receivedaccess code to the authentication server through the transceiver;receive, based on the access code, a subscriber profile from theauthentication server through the transceiver; store the receivedsubscriber profile in the profile storage module; and share, based onthe stored subscriber profile, the data usage amount assigned to theelectronic device.

In accordance with another aspect of the present disclosure, a sharingtarget device is provided, which shares a data usage amount assigned toan electronic device. The sharing target device includes a processor; atransceiver configured to communicate with an authentication serverassociated with a mobile network operator for managing data usage; aprofile storage module configured to store a subscriber profile; and amemory that stores instructions, which when executed, instruct theprocessor to transmit, to the authentication server, through thetransceiver, a device configuration request message for configuring thesharing target device to share the data usage amount assigned to theelectronic device; receive, when authentication of the sharing targetdevice is performed between the electronic device and the authenticationserver based on the device configuration request message, a subscriberprofile from the authentication server through the transceiver; storethe received subscriber profile in the profile storage module; andshare, based on the stored subscriber profile, the data usage amountassigned to the electronic device.

In accordance with another aspect of the present disclosure, anauthentication server, which is associated with a mobile networkoperator, is provided. The authentication server includes a processor; atransceiver configured to communicate with an electronic device and asharing target device; and a memory that stores instructions, which whenexecuted, instruct the processor to receive, from the electronic deviceor the sharing target device through the transceiver, a deviceconfiguration request message for configuring the sharing target deviceto share a data usage amount assigned to the electronic device;transmit, to the electronic device or the sharing target device throughthe transceiver, in response to the device configuration requestmessage, an access code, which permits the sharing target device toaccess the authentication server; receive the access code from thesharing target device through the transceiver; and transmit, in responseto the received access code, a subscriber profile to the sharing targetdevice.

In accordance with another aspect of the present disclosure, anauthentication server, which is associated with a mobile networkoperator, is provided. The authentication server includes a processor; atransceiver configured to communicate with an electronic device and asharing target device; and a memory that stores instructions, which whenexecuted, instruct the processor to receive, from the sharing targetdevice through the transceiver, a device configuration request messagefor configuring the sharing target device to share a data usage amountassigned to the electronic device; transmit, to the electronic devicethrough the transceiver, in response to the device configuration requestmessage, a device configuration verification request message forconfirming configuration of the sharing target device; receive, when theconfiguration of the sharing target device is verified by the electronicdevice based on the device configuration verification request message, adevice configuration verification confirmation message from theelectronic device through the transceiver; and transmit, in response tothe received device configuration verification confirmation message, asubscriber profile to the sharing target device.

BRIEF DESCRIPTION OF THE DRAWINGS

The above and other aspects, features, and advantages of certainembodiments of the present disclosure will be more apparent from thefollowing detailed description taken in conjunction with theaccompanying drawings, in which:

FIG. 1 is a signal flow diagram illustrating a process of installing asubscriber profile in an electronic device according to embodiment ofthe present disclosure;

FIGS. 2 to 4 are signal flow diagrams illustrating processes ofconfiguring a sharing target device for data sharing according toembodiments of the present disclosure;

FIG. 5 illustrates an example screen for configuring a sharing targetdevice for data sharing according to an embodiment of the presentdisclosure;

FIGS. 6 and 7 are signal flow diagrams illustrating processes oflimiting data usage of a sharing target device according to of thepresent disclosure;

FIG. 8 illustrates an example screen displaying a data usagenotification of q sharing target device according to an embodiment ofthe present disclosure;

FIG. 9 is a signal flow diagram illustrating a process of configuringInternet of things (IoT) devices as sharing target devices according toan embodiment of the present disclosure;

FIG. 10 illustrates an authentication server according to an embodimentof the present disclosure;

FIG. 11 illustrates an electronic device according to an embodiment ofthe present disclosure;

FIG. 12 illustrates an authentication server according to an embodimentof the present disclosure;

FIG. 13 illustrates an electronic device permitting data sharingaccording to an embodiment of the present disclosure;

FIG. 14 illustrates a sharing target device according to an embodimentof the present disclosure;

FIG. 15 is a flowchart illustrating a procedure for an electronic deviceto configure a sharing target device according to an embodiment of thepresent disclosure;

FIGS. 16 and 17 are flowcharts illustrating procedures for a sharingtarget device to receive a mobile communication service according toembodiments of the present disclosure; and

FIGS. 18 and 19 are flowcharts illustrating procedures for anauthentication server to provide a subscriber profile according toembodiments of the present disclosure.

DETAILED DESCRIPTION

Hereinafter, various embodiments of the present disclosure are describedin detail with reference to the accompanying drawings. However, thepresent description is not limited to these specific embodiments, andall modifications, equivalents and/or alternatives thereof also belongto the scope of the present disclosure. The same or similar referencesymbols may be used herein to refer to the same or like parts.

The expressions and terms, including technical and scientific terms,used herein have the same meaning as commonly understood by one ofordinary skill in the art. Terms, such as those defined in commonly useddictionaries, should be interpreted as having a meaning that isconsistent with their meaning in the context of the relevant art andwill not be interpreted in an idealized or overly formal sense unlessexpressly so defined herein. In any case, the terms defined hereinshould not be interpreted to exclude certain embodiments of the presentdisclosure.

Herein, the expressions “have”, “may have”, “include” or “may include”indicate the existence of a specific feature (e.g., a number, afunction, an operation, or a component) but do not exclude the existenceof other features.

The expressions “A or B”, “at least one of A and/or B”, or “one or moreof A and/or B” may indicate all possible combinations of A and B. Forexample, “A or B”, “at least one of A and B”, and “at least one of A orB” may indicate any of (1) at least A, (2) at least B, or (3) at least Aand at least B.

The terms “1^(st)”, “first”, “2^(nd)”, or “second” may be used modifycorresponding components regardless of importance or order and todistinguish a component from another without limiting the components.For example, a first user device and a second user device may indicatedifferent user devices regardless of the order or importance of thedevices. As another example, a first component may be referred to as asecond component, and vice versa, without departing from the scope ofthe present disclosure.

When a first element is referred to as being “coupled with/to” or“connected with/to” a second element, the first element can be coupledor connected with/to the second element directly or via a third element.In contrast, when a first element is referred to as being “directlycoupled with/to” or “directly connected with/to” a second element, noother element intervenes between the first element and the secondelement.

The phrase “configured (or set) to” may be used interchangeably withphrases such as “suitable for”, “having the capacity to”, “designed to”,“adapted to”, “made to” and “capable of”, depending on context.

The term “configured (or set) to” does not necessarily mean“specifically designed in hardware to.” Rather, “configured to” mayindicate that a device can perform a specific operation together withother devices or parts. For example, a “processor configured (or set) toperform A, B, and C” may refer to a dedicated processor (e.g., anembedded processor) for performing the operations or a general-purposeprocessor (e.g., a central processing unit (CPU) or an applicationprocessor (AP)) that may perform the operations by executing one or moresoftware programs stored in a memory unit.

Some terms used herein may be provided merely to describe a specificembodiment without limiting the scope of another embodiment.

The singular forms “a”, “an”, and “the” are intended to include theplural forms as well, unless the context clearly indicates otherwise.

The terms “module” and “unit” may refer to a certain unit that includesone of hardware, software and firmware or any combination thereof. Theterm “module” may be interchangeably used with “unit”, “logic”, “logicalblock”, “component”, or “circuit”. A module may be the minimum unit of asingle-bodied component or a part thereof. A module may be the minimumunit, or a part thereof, which performs one or more particularfunctions. A module may be realized mechanically or electronically. Forexample, a module may include at least one of an application-specificintegrated circuit (ASIC) chip, a field-programmable gate array (FPGA),and a programmable-logic device, which have been known or are to bedeveloped in the future.

Herein, an electronic device or a sharing target device may be asmartphone, a tablet personal computer (PC), a mobile phone, a videophone, an e-book reader, a desktop PC, a laptop PC, a netbook computer,a workstation, a server, a personal digital assistant (PDA), a portablemultimedia player (PMP), an MP3 player, a mobile medical instrument, acamera, or a wearable device (e.g., smart glasses, a head-mounted device(HMD), electronic clothes, an electronic bracelet, an electronicnecklace, an electronic appcessory, an electronic tattoo, a smartmirror, or a smart watch).

An electronic device or a sharing target device may also be a smart homeappliance, such as a television (TV), a digital video disc (DVD) player,audio equipment, a refrigerator, an air conditioner, a vacuum cleaner,an oven, a microwave oven, a washing machine, an air cleaner, a set-topbox, a home automation control panel, a security control panel, a TV box(e.g., a Samsung HomeSync™, an Apple TV™, or a Google TV™), a gameconsole (e.g., an Xbox™ or a PlayStation™), an electronic dictionary, anelectronic key, a camcorder, or an electronic picture frame.

An electronic device or a sharing target device may also be a medicaldevice (e.g., a portable medical measuring device such as a blood sugarmeasuring device, a heartbeat measuring device, a blood pressuremeasuring device, or a body temperature measuring device), a magneticresonance angiography (MRA) system, a magnetic resonance imaging (MRI)system, a computed tomography (CT) system, a radiograph instrument, anultrasonography instrument, a navigation device, a global positioningsystem (GPS) receiver, an event data recorder (EDR), a flight datarecorder (FDR), a car infotainment device, a ship electronic equipment(e.g., a marine navigation system or a gyrocompass), avionics, securityequipment, a car head unit, or an industrial or home robot, an automaticteller machine (ATM), a point of sales (POS) device, or an IoT device(e.g., a bulb, a sensor, an electricity or gas meter, a sprinkler, afire alarm, a thermostat, a street light, a toaster, fitness equipment,a hot water tank, a heater, or a boiler).

An electronic device or a sharing target device may also be a piece offurniture, a part of a building, a structure, an electronic board, anelectronic signature receiving device, a projector, or a measurementinstrument (e.g., a water meter, an electricity meter, a gas meter, or awave meter).

An electronic device or a sharing target device may also be a flexibleelectronic device.

An electronic device or a sharing target device may also be acombination of the above-listed devices. However, an electronic deviceor a sharing target device is not limited to the above-listed devices,and may be a new electronic device to be developed according to advancesin technology.

Herein, the term “user” may denote a human or another device (e.g., anartificial intelligence electronic device) using the electronic device.

As described above, when a conventional USIM card is used for data usagesharing, a user has to visit an agent of an MNO in person to register orchange a sharing target device.

In accordance with an embodiment of the present disclosure, a scheme isprovided for registering or changing a sharing target device by using anembedded universal integrated circuit card (eUICC) or an embeddedsubscriber identity module (eSIM) (hereinafter, collectively referred toas “an eSIM module”).

Unlike existing removable cards such as a SIM card, a USIM card, and aUICC, at the time of manufacturing, an eSIM module is mounted as a chipinside an electronic device that performs mobile communication, makingit difficult to remove the eSIM module. Using the eSIM module, a usercan subscribe to, change, or unsubscribe from a mobile communicationservice through over the air (OTA) operations, without visiting an agentof the MNO.

An eSIM module without subscription information may be included in anelectronic device and can be sold to a specific user. The user canconnect to the MNO network, download a subscriber profile (e.g., an MNOprofile) including subscription information through OTA, and install thesubscriber profile in the eSIM module. A procedure for downloading andinstalling a subscriber profile in the eSIM module is commonly referredto as “provisioning”. The subscriber profile may be delivered to theeSIM module through an authentication server such as the subscriptionmanager data preparation (SM-DP) or a subscription manager securerouting (SM-SR), and may later be changed or deleted through theauthentication server.

For OTA-based provisioning, the electronic device should be able toaccess a mobile communication network for downloading a subscriberprofile before subscribing to a mobile communication service. Ingeneral, when an electronic device is sold, a provisioning profile maybe included in the eSIM module so that the electronic device can accessthe mobile communication network before downloading an initialsubscriber profile. The electronic device may access the mobilecommunication network using the provisioning profile to download andinstall the initial subscriber profile.

Although embodiments of the present disclosure are described withreference to an eSIM module, the present disclosure is not limitedthereto and is also applicable to an electronic device or a sharingtarget device capable of OTA-based provisioning.

FIG. 1 is a signal flow diagram illustrating a process of installing asubscriber profile in an electronic device according to an embodiment ofthe present disclosure.

Referring to FIG. 1, an authentication server 102 associated with an MNOmanages data usage of an electronic device 101, e.g., a smartphone. Theauthentication server 102 may include at least one of a profilegeneration server, a provisioning support server, and a profilemanagement server.

The profile generation server, such as an SM-DP, can generate a profileto be installed in an eSIM module, based on information received fromthe MNO or the eSIM manufacturer. The profile generation server cantransfer the generated profile to the provisioning support server or theprofile management server. To securely transmit the generated profile,the profile generation server may perform authentication with the serverto which the profile is to be forwarded.

The provisioning support server may receive the profile generated by theprofile generation server. For example, the provisioning support servermay receive a plurality of packets (e.g., application protocol dataunits (APDUs)) corresponding to a profile from the profile generationserver. The provisioning support server may receive a plurality ofpackets corresponding to a plurality of profiles in bulk, from theprofile generation server, through a dedicated line.

The provisioning support server may generate a profile in the form of anuncompressed image file from a plurality of received packets. Theprovisioning support server may send the generated image file to theelectronic device 101. In addition to the subscriber profile, theprovisioning support server may download and install a test profile inthe electronic device 101 for development or verification.

The profile management server, such as the SM-SR, can perform overallmanagement of the eSIM module embedded in the electronic device 101. Forexample, the profile management server can perform profile managementfunctions for the eSIM module, such as profile installation, deletion,enablement, and disablement.

In step 111, for server authentication, the electronic device 101including the eSIM module transmits a server authentication requestmessage to the authentication server 102.

After performing authentication based on the server authenticationrequest message, the authentication server 102 transmits a serverauthentication confirmation message to the electronic device 101 in step113.

For terminal authentication, in step 115, the authentication server 102transmits a terminal authentication request message to the electronicdevice 101. Although illustrated separately, steps 113 and 115 may beperformed in parallel, or step 115 may be performed prior to step 113.

After performing authentication based on the terminal authenticationrequest message, the electronic device 101 transmits a terminalauthentication confirmation message to the authentication server 102 instep 117.

In step 119, the authentication server 102 generates a subscriberprofile. For example, the subscriber profile may be generated based onat least one of subscription information of the user, an eSIM-identifier(ID), an integrated circuit card ID (ICCID), and an SM-SR ID (or SRID).The subscriber profile may represent a set of subscriber information ora collection of files, data, and applications associated with aparticular subscriber of the MNO.

In step 121, the authentication server 102 transmits the generatedsubscriber profile to the electronic device 101. For example, theauthentication server 102 may transmit an encrypted subscriber profileto the electronic device 101.

In step 123, the electronic device 101 installs the received subscriberprofile in the eSIM module.

In step 125, the electronic device 101 transmits an installationconfirmation message indicating that the subscriber profile has beeninstalled to the authentication server 102.

Thereafter, based on the subscriber profile, the electronic device 101may use a mobile communication service provided through the network ofthe MNO.

FIG. 2 is a signal flow diagram illustrating a process of configuring asharing target device for data sharing according to an embodiment of thepresent disclosure.

Referring to FIG. 2, a user uses electronic devices 201 and 205. Amongthe electronic devices 201 and 205, the electronic device 201 may beallocated a data usage amount by an MNO, and the electronic device 205may be a sharing target device that shares the data usage amount, basedon the data sharing service described above.

The user may wish to replace the existing sharing target device 205 witha new sharing target device 202, e.g., because of insufficient resourcesor because the existing sharing target device 205 is lost.

When a trigger signal for replacing the existing sharing target device205 with the new sharing target device 202 is generated, the electronicdevice 201 transmits a device configuration request message for changingthe sharing target device to the authentication server 203 associatedwith the MNO in step 211. The device configuration request message mayinclude identification information (e.g., a MAC address or accessinformation) of the sharing target device 202.

The trigger signal may be generated by a user input for replacing theexisting sharing target device 205 with the new sharing target device202 through an application (e.g., an application provided by the MNO)installed in the electronic device 201. For example, the trigger signalmay be generated when the user enters a user ID and password andspecifies a data usage amount to be shared through the application. Asanother example, the trigger signal may be automatically generated whena direct connection is established between the electronic device 201 andthe new sharing target device 202.

FIG. 5 illustrates an example screen for configuring a sharing targetdevice for data sharing according to an embodiment of the presentdisclosure.

Referring to FIG. 5, the electronic device provides a user interface(UI) window 500 for configuring a sharing target device. The UI window500 includes UI elements, i.e., an ID field 501, a password field 503, aregion 505 for selecting a sharing target device, and a slider 507 forspecifying the data sharing amount of the selected sharing target device505-1. The maximum data sharing amount may be the default data usageamount assigned to the electronic device 201.

When the user selects the OK button 509, after entering a user ID andpassword and specifying the sharing target device 505-1 and the datasharing amount, a trigger signal may be generated according to the userinput.

Accordingly, the device configuration request message (e.g., astransmitted in step 211 of FIG. 2) may include identificationinformation 505-2 (e.g., a MAC address or access information) of thesharing target device 505-1.

Referring again to FIG. 2, upon reception of the device configurationrequest message, the authentication server 203 transmits an access codefor authentication server access to the electronic device 201, based onthe device configuration request message, in step 213.

Upon reception of the access code, the electronic device 201 forwardsthe received access code to the new sharing target device 202 in step215.

The access code may include data request information requestingassignment of at least a portion of the data usage amount assigned tothe electronic device 201. Specifically, the access code may includeinformation indicating that the server authentication request message tobe transmitted by the sharing target device 202 does not request datausage allocation for a new service plan, but requests allocation of atleast a portion of the data usage amount having already been allocatedto the electronic device 201.

The access code may include a phone number given to the electronicdevice 201 or a unique number (e.g., a MAC address) of the electronicdevice 201 as identification information. The access code may include auser ID and a password for accessing the server of the MNO as userinformation of the electronic device 201. The access code may include aprovisioning profile enabling access to the mobile communication networkprior to downloading a subscriber profile.

The access code may be a quick response (QR) code or a bar code. Thesharing target device 202 may obtain the access code by capturing the QRcode or barcode displayed on the electronic device 201.

Upon reception of the access code, the sharing target device 202transmits a server authentication request message for serverauthentication together with the access code to the authenticationserver 203 in step 217.

After performing authentication based on the access code and the serverauthentication request message, the authentication server 203 transmitsa server authentication confirmation message to the sharing targetdevice 202 in step 219.

In step 221, the authentication server 203 transmits a terminalauthentication request message for terminal authentication to thesharing target device 202.

After performing authentication based on the terminal authenticationrequest message, the sharing target device 202 transmits a terminalauthentication confirmation message to the authentication server 203 instep 223.

After completion of authentication between the sharing target device 202and the authentication server 203, the authentication server 203generates a subscriber profile in step 225. The subscriber profile mayinclude the phone number assigned to the sharing target device 202. Formanagement, this phone number may be paired with the phone numberassigned to the electronic device 201.

In step 227, the authentication server 203 transmits the generatedsubscriber profile to the sharing target device 202.

In step 229, the sharing target device 202 installs the receivedsubscriber profile in the profile storage module, e.g., an eSIM module.

After installation of the subscriber profile, the sharing target device202 transmits an installation confirmation message indicating that thesubscriber profile has been installed to the authentication server 203in step 231.

Thereafter, based on the subscriber profile, the sharing target device202 can receive a mobile communication service corresponding to the datausage amount shared with the electronic device 201.

The authentication server 203 may transmit the generated subscriberprofile to the sharing target device 202 via the electronic device 201.The process of the electronic device 201 receiving the profile for thesharing target device 202 and forwarding it to the sharing target device202 is applicable to other embodiments of the present disclosure.

FIG. 3 is a signal flow diagram illustrating a process of configuring asharing target device for data sharing according to an embodiment of thepresent disclosure. Because steps 317 to 329 correspond to steps 219 to231 of FIG. 2, a repeated description thereof is omitted below.

Referring to FIG. 3, similar to FIG. 2, a user may wish to replace anexisting sharing target device 305 with a new sharing target device 302.

When a trigger signal for replacing the existing sharing target device305 with the new sharing target device 302 is generated, an electronicdevice 301 transmits, to an authentication server 303 associated with anMNO, a device configuration request message for changing the sharingtarget device in step 311.

Upon reception of the device configuration request message, theauthentication server 303 transmits an access code for authenticationserver access directly to the sharing target device 302, based on thedevice configuration request message, in step 313.

Upon reception of the access code, the sharing target device 302transmits a server authentication request message for serverauthentication together with the access code to the authenticationserver 303 in step 315.

After completion of authentication between the sharing target device 302and the authentication server 303, the authentication server 303generates a subscriber profile and transmits the generated subscriberprofile to the sharing target device 302 in steps 317 to 329.

Thereafter, based on the subscriber profile, the sharing target device302 can receive a mobile communication service.

FIG. 4 is a signal flow diagram illustrating a process of configuring asharing target device for data sharing according to an embodiment of thepresent disclosure. Because steps 421 to 433 correspond to steps 219 to231 of FIG. 2, a repeated description thereof is omitted below.

Referring to FIG. 4, similar to FIGS. 2 and 3, a user of an electronicdevice 401 may wish to replace an existing sharing target device 405with a new sharing target device 402.

When a trigger signal for replacing the existing sharing target device405 with the new sharing target device 402 is generated, the sharingtarget device 402 transmits, to an authentication server 403 associatedwith an MNO, a device configuration request message for configuring thesharing target device in step 411.

The trigger signal may be generated by a user input for changing thesharing target device through an application (e.g., an applicationprovided by the MNO) installed in the sharing target device 402.

For example, the trigger signal may be generated when the user entersthe user ID and password and specifies a data usage amount to be sharedthrough the application, or may be automatically generated when a directconnection is established between the electronic device 401 and the newsharing target device 402.

The device configuration request message may include identificationinformation or user information of the electronic device 401. The deviceconfiguration request message may also include identificationinformation of the sharing target device 402.

In step 413, the sharing target device 402 transmits a serverauthentication request message for server authentication to theauthentication server 403. Alternatively, step 413 may be performedbefore or in parallel with step 411.

In step 415, to verify change of the sharing target device, theauthentication server 403 transmits a device configuration verificationrequest message to the electronic device 401. The device configurationverification request message may include at least one of userinformation and identification information of the electronic device 401and the sharing target device 402 received from the sharing targetdevice 402.

In step 417, based on the received device configuration verificationrequest message, the electronic device 401 verifies whether the sharingtarget device 402 is capable of sharing data usage of the electronicdevice 401.

After verification of the sharing target device 402, the electronicdevice 101 transmits a device configuration verification confirmationmessage to the authentication server 402 in step 419.

Based on the device configuration verification confirmation message, theauthentication server 403 transmits a server authentication confirmationmessage, in response to the server authentication request message, instep 421.

When the sharing target device 402 is authenticated in steps 423 and425, the authentication server 403 transmits a subscriber profile to thesharing target device 402 in steps 427 and 429.

Thereafter, based on the subscriber profile in steps 431 and 433, thesharing target device 402 may receive a mobile communication service.

FIG. 6 is a signal flow diagram illustrating a process of limiting datausage of a sharing target device according to an embodiment of thepresent disclosure.

Referring to FIG. 6, data usage of an electronic device 601 can beshared with a sharing target device 602 through a data sharing service.

A user of the electronic device 601 and a user of the sharing targetdevice 602 may be different. For example, the user of the electronicdevice 601 may be a parent, and the user of the sharing target device602 may be a child who is allowed to consume a portion of the data usageamount of the parent. The user of the electronic device 601 may monitorthe data usage of the sharing target device 602 and attempt to limit thedata usage of the sharing target device 602, if the sharing targetdevice 602 uses an excessive amount of data.

In step 611, an authentication code generator for authenticatingnotification information may be installed in at least one of theelectronic device 601 and the sharing target device 602. Thenotification information may include information on the data usageamount and the data usage state of the sharing target device 602.

The electronic device 601 and the sharing target device 602 may eachgenerate an authentication code of the same value on a periodic basis.For synchronization of the authentication code, the authentication codeof the electronic device 601 and the authentication code of the sharingtarget device 602 may be updated at regular intervals. Alternatively,when the authentication code is updated in one of the electronic device601 and the sharing target device 602, the update time information maybe transferred to the other device so that the other device can generatean authentication code based on the received update time information.

The authentication code generator of one of the electronic device 601and the sharing target device 602 may generate an encryption key and adecryption key and transmit the decryption key to the other device.

In addition, the user may set a reporting event for sending notificationinformation using at least one of the electronic device 601 and thesharing target device 602 in step 611.

For example, when a dedicated application for monitoring data usage isinstalled in at least one of the electronic device 601 and the sharingtarget device 602, the user can set a data usage rule generatingnotification information according to data use of the sharing targetdevice 602 through a window of the dedicated application. The data usagerule can be set so that a notification message is sent from the sharingtarget device 602 to the electronic device 601 when the cumulative datausage amount of the sharing target device 602 exceeds a preset value(e.g., 1 GB) or whenever the data usage amount thereof exceeds a presetvalue (e.g., 100 MB).

After setting the reporting event, data is transmitted/received betweenthe sharing target device 602 and the base station 603, based on thedata sharing agreement between the electronic device 601 and the sharingtarget device 602, in step 613.

Thereafter, when the data usage amount of the sharing target device 602exceeds a threshold set according to the data usage rule specified instep 611, or when the electronic device 601 requests the sharing targetdevice 602 to report the data usage amount of the sharing target device602, the sharing target device 602 reports the data usage amount to theelectronic device 601 in step 615.

For example, the sharing target device 602 may transmit a text messagecontaining notification information on the data usage amount to theelectronic device 601.

The sharing target device 602 may transmit the notification informationand an authentication code together. That is, the user of the sharingtarget device 602, e.g., a child who does not want to report the correctdata usage, may send a message including a false data usage amount tothe electronic device 601. To prevent this, an authentication code maybe provided together for verifying the validity of the notificationinformation. The authentication code may be a value generated by theauthentication code generator of the sharing target device 602.

FIG. 8 illustrates an example screen displaying a data usagenotification of a sharing target device according to an embodiment ofthe present disclosure.

Referring to FIG. 8, a text message 801 including an authentication code801-1 and notification information 801-2 are displayed through a messagewindow.

Upon reception of the text message 801, an electronic device 601 canverify the authentication code 801-1. If the received authenticationcode 801-1 is the same as the authentication code generated by theauthentication code generator of the electronic device 601, theelectronic device 601 can determine that the notification information801-2 is valid. Thereafter, the electronic device 601 may display apopup window 802 notifying the user that the received notificationinformation 801-2 is valid.

Alternatively, the notification information 801-2 may be encrypted usingan encryption key generated by the authentication code generator of thesharing target device 602. The electronic device 601 may decrypt thenotification information 801-2 using a decryption key received from thesharing target device 602 and display the decrypted notificationinformation 801-2 on the screen.

As another example, when a monitoring application is used for managementof the sharing target device 602, upon receiving the authentication code801-1 and the notification information 801-2, the dedicated applicationmay display the notification information 801-2 on the screen only if theauthentication code 801-1 is valid.

Referring again to FIG. 6, upon determining that the data usage amountof the sharing target device 602 is excessive, e.g., based on thenotification information 801-2, the electronic device 601 transmits aservice stop request message to a server of the MNO, via the basestation 603, in step 617, requesting to stop the mobile communicationservice to the sharing target device 602.

Specifically, upon examining the data usage amount of the sharing targetdevice 602, the user of the electronic device 601 may enter an input forrequesting data usage restriction. The electronic device 601 maytransmit a service stop request message to the server of the MNO via thebase station 603.

Alternatively, the user of the electronic device 601 may set a maximumdata usage amount to limit the data usage in advance. When the reporteddata usage amount of the sharing target device 602 exceeds the setmaximum data usage amount, the electronic device 601 may automaticallytransmit a service stop request message to the server of the MNO.

The user of the electronic device 601 can transmit a service stoprequest message through a third-party application provided by the MNO,or the user of the electronic device 601 may make a call directly to thecustomer service agent of the MNO to request the suspension of the datasharing service.

In step 619, the electronic device 601 transmits a service stop requestmessage for stopping the mobile communication service to the sharingtarget device 602.

In response to the service stop request message, the monitoringapplication managing the data usage may restrict the use of the mobilecommunication service of the sharing target device 602.

For example, the service stop request message may be a command or textmessage that can be processed by the above application. Anauthentication code may be sent together with the text message to verifythe validity of the text message.

If the monitoring application restricts the use of the mobilecommunication service of the user of the sharing target device 602, thesharing target device 602 transmits, to the electronic device 601, aservice stop notification message indicating that the mobilecommunication service to the sharing target device 602 is suspended instep 621.

The service stop notification message may be a command or text messagethat can be processed by the above application. An authentication codemay be sent together with the text message to verify the validity of thetext message.

Even when the use of the mobile communication service of the sharingtarget device 602 is restricted, data transmission and reception betweenthe electronic device 601 and the sharing target device 602 using themobile communication network may be allowed as an exceptional case instep 623. For example, in an urgent situation where the sharing targetdevice 602 needs to use the data service, data transmission andreception between the electronic device 601 and the sharing targetdevice 602 may be allowed so that the sharing target device 602 cantransmit a data request message to the electronic device 601.

FIG. 7 is a signal flow diagram illustrating a process of limiting datausage of a sharing target device according to an embodiment of thepresent disclosure.

Referring to FIG. 7, in step 709, the user of the sharing target device702 may change the preset data usage amount or may uninstall themonitoring application managing the data usage or disable the data usagerestriction function.

Upon recognizing that the monitoring application of the sharing targetdevice 702 has been deleted or the data usage has been arbitrarilymanipulated, the user of the electronic device 701 may determine tolimit the data usage of the sharing target device 702.

In steps 711 to 715, the electronic device 701 requests the sharingtarget device 702 to report data usage by periodically transmitting adata usage report request message to the sharing target device 702. Forexample, the data usage report request message may be transmitted atabout 30-60 minute intervals. The electronic device 701 may alsotransmit a data usage report request message to the sharing targetdevice 702 aperiodically according to occurrence of a user input orpreset event.

The data usage report request message may be a command or text messagethat can be processed by the monitoring application of the sharingtarget device 702. An authentication code may be sent together with thetext message to verify the validity of the text message.

Although the electronic device 701 has requested a data usage report ona periodic basis, the electronic device 701 detects that is has failedto receive a response in step 717. Such non-response may satisfy apreset rule. For example, a response signal may be not received from thesharing target device 702, although the electronic device 701 hastransmitted the data usage request message a preset number of times(e.g., 5 to 10 times). As another example, a response signal may be notreceived after sending an aperiodic data usage request message.

In step 719, the electronic device 701 notifies the user of the datausage status of the sharing target device 702. For example, theelectronic device 701 may provide the user with a notification messageindicating the possibility of a manipulation of the data usage amountthrough a popup window. Upon recognizing that the data usage of thesharing target device 702 may have been manipulated, the user may enteran input for requesting the suspension of the data sharing service forthe sharing target device 702.

In step 721, the electronic device 701 transmits a service stop requestmessage to a server of an MNO, via a base station 703, in order torequest a stop of the mobile communication service to the sharing targetdevice 702. For example, the user of the electronic device 701 cantransmit a service stop request message through a third-partyapplication provided by the MNO. The user of the electronic device 701may make a call directly to the customer service agent of the MNO torequest the suspension of the data sharing service.

If the monitoring application managing the data usage of the sharingtarget device 702 is deactivated or deleted, it may be difficult for theuser of the electronic device 701 to control the operation of theapplication. In this case, the electronic device 701 may directlyrequest the mobile communication provider to restrict the mobilecommunication service to the sharing target device 702 in step 721.

Even when the use of the mobile communication service of the sharingtarget device 702 is restricted, data transmission and reception betweenthe electronic device 701 and the sharing target device 702 using themobile communication network may still be allowed as an exceptional casein step 723.

FIG. 9 is a signal flow diagram illustrating a process of configuringIoT devices as sharing target devices according to an embodiment of thepresent disclosure.

Referring to FIG. 9, a user may use an electronic device 901, and aplurality of IoT devices 903, 904, and 905 may be located in an areanear the user.

The IoT devices 903, 904, and 905 may be any of the types of electronicdevices described above. The IoT devices 903, 904, and 905 can share thedata usage amount allocated to the electronic device 901. That is, eachof the IoT devices 903, 904, and 905 may be a sharing target device.

In steps 911 to 915, similar to the embodiment of FIG. 2, the electronicdevice 901 receives an access code from an authentication server 902 andforwards it to the IoT devices 903, 904, and 905.

Alternatively, similar to the embodiment of FIG. 3, each of the IoTdevices 903, 904, and 905 receives the access code from theauthentication server 902. The access code may be the same for all theIoT devices 903, 904, and 905 or may be different therefor.

In step 917 to 921, the IoT devices 903, 904, and 905 transmit theiraccess codes to the authentication server 902.

In step 923, the authentication server 902 generates a plurality ofsubscriber profiles based on the received access codes. Althoughauthentication can also be performed between the IoT devices 903, 904,and 905 and the authentication server 902, this procedure corresponds tothe authentication procedure between the sharing target device and theauthentication server in FIGS. 2 to 4, and a repeated description isomitted.

The subscriber profiles may include information for limiting the usageof the mobile communication service in consideration of the purposes orattributes of data usage of the IoT devices 903, 904, and 905.

In steps 925 to 929, the authentication server 902 transmits thesubscriber profiles respectively to the IoT devices 903, 904, and 905.

Upon reception of the subscriber profiles, each of the IoT devices 903,904, and 905 installs the corresponding subscriber profile in theprofile storage module thereof in steps 931 to 935.

If the subscriber profile installed in the first IoT device 903 islimited to the call service only, the first IoT device 903 may receiveonly the call service among the mobile communication services.

If the subscriber profile installed in the second IoT device 904 islimited to the data service only, the second IoT device 904 can receiveonly the data service among the mobile communication services.

If the subscriber profile installed in the third IoT device 905 isconfigured to allow both the call service and the data service, thethird IoT device 905 can receive both the data service and the callservice among the mobile communication services.

The subscriber profiles for the IoT devices 903, 904, and 905 may bemanaged as a group profile. The electronic device 901 may manage theprofiles of the IoT devices 903, 904, and 905, which share the datausage of the electronic device 901 for communication, as a groupprofile. The group profile may include common information and individualdevice information. The common information may include information aboutthe electronic device 901, and the individual device information mayinclude the identification information of each IoT device 903, 904, or905.

When multiple IoT devices 903, 904, and 905 are used, the electronicdevice 901 can manage the amount of data consumed by the IoT devices903, 904, and 905 in a combined manner. For example, an overall datasharing amount can be set for the IoT devices 903, 904, and 905, and theindividual data usage amounts of the IoT devices 903, 904, and 905 canbe combined and managed. In addition, an individual data sharing amountcan be set for each IoT of the IoT devices 903, 904, and 905, and agroup data sharing amount can be set for all of the IoT devices 903,904, and 905 belonging to the group.

When one of the individual data amounts is exceeded, only thecorresponding IoT device is prevented from using the data sharingservice; and when the group data sharing amount is exceeded, all the IoTdevices belonging to the group can be prevented from using the datasharing service.

FIG. 10 illustrates an authentication server according to an embodimentof the present disclosure.

Referring to FIG. 10, the authentication server 2000 includes a profilegeneration module 2010, a provisioning support module 2020, a profilestorage module 2030, an authentication module 2040, and a transceiver2050.

The profile generation module 2010 may generate a subscriber profilebased on a quantity of profiles, MNO information, and profile types(e.g., prepayment or deferred payment). The profile generation module2010 may correspond to a profile generation server, and may beimplemented as a physically separate server.

The provisioning support module 2020 may convert a subscriber profilecomposed of packets generated by the profile generation module 2010 intoan uncompressed image file.

The profile storage module 2030 may store the packets generated by theprofile generation module 2010 and the image file generated by theprovisioning support module 2020.

The authentication module 2040 may authenticate an electronic device2100 connected through the transceiver 2050. The authentication module2040 may authenticate the electronic device 1100 by using a predefinedkey set or jig. When the electronic device 2100 is authenticated, theprovisioning support module 2020 can transfer the corresponding imagefile stored in the profile storage module 2030 to the electronic device2100.

When the electronic device 2100 is booted, the subscriber profile may beinstalled in the eSIM module, based on the received image file.

The profile generation module 2010 and the provisioning support module2020 may be physically separated from each other so as to correspondrespectively to a profile generation server and a provisioning supportserver. The profile generation module 2010 and the provisioning supportmodule 2020 may transmit/receive data through a wireless communicationnetwork.

Additionally, the authentication server 2000 may further include aprofile management module to manage profile installation, deletion,activation, and deactivation. The profile management module maycorrespond to a profile management server that transfers multiplepackets received from the profile generation module 2010 to theelectronic device 2100 through OTA.

FIG. 11 illustrates an electronic device according to an embodiment ofthe present disclosure.

Referring to FIG. 11, an electronic device 3000 may be an electronicdevice that permits data sharing or a sharing target device that isallowed to share a data usage amount of another device.

The electronic device 3000 includes a bus 3010, a processor 3020, amemory 3030, an input/output interface 3040, a display 3050, atransceiver 3060, and an eSIM module 3070.

The bus 3010 may be a circuit that interconnects the above components toallow them to communicate with each other (e.g., to transmit/receivecontrol messages).

The processor 3020 may include one or more of a CPU, an AP, and acommunications processor (CP). The processor 3020 may perform control,communication, and data processing operations in relation to at leastone of the components of the electronic device 3000. For example, theprocessor 3020 may receive a control instruction from a differentcomponent, via the bus 3010, decode the received control instruction,and perform computation or data processing according to the decodedinstruction.

The processor 3020 may store a subscriber profile in the secure area ofthe memory 3030 based on a subscriber profile in the form of an imagefile received from the authentication server 3200. When the electronicdevice 3000 is booted, the processor 3020 may retrieve the image filefrom the secure area of the memory 3030 and install the same in the eSIMmodule 3070 as a profile.

The memory 3030 may include an internal memory or an external memory.The internal memory may include at least one of a volatile memory (e.g.,a dynamic random access memory (DRAM), a static RAM (SRAM), synchronousdynamic RAM (SDRAM)) and a non-volatile memory (e.g., a one-timeprogrammable read only memory (OTPROM), a programmable ROM (PROM), anerasable and programmable ROM (EPROM), an electrically erasable andprogrammable ROM (EEPROM), a mask ROM, a flash ROM, a flash memory, ahard drive, or a solid state drive (SSD)). The external memory mayinclude a flash drive such as a compact flash (CF) memory, a securedigital (SD) memory, a micro-SD memory, a mini-SD memory, an extremedigital (xD) memory, a multi-media card (MMC), or a memory stick. Theexternal memory may be functionally or physically connected with theelectronic device 3000 via various interfaces.

The memory 3030 may store the subscriber profile received from theauthentication server 3200 in the secure area thereof.

The memory 3030 may store instructions or data received from orgenerated by the processor 3020 or other components.

The memory 3030 may store development signing keys, common signing keys,and unique identification information of the electronic device 3000. Thememory 3030 may include programming modules such as the kernel,middleware, application programming interfaces (APIs) and applications.Each of the programming modules may be composed of software, firmware,hardware, or a combination thereof.

The kernel may control or manage system resources (e.g., bus 3010,processor 3020, and/or memory 3030) that are used to execute operationsor functions implemented in other programming modules such asmiddleware, an API and an application. The kernel may also provideinterfaces through which the individual components of the electronicdevice 3000 can be accessed, controlled, or managed by the middleware,API, or application.

The middleware can act as an intermediary enabling the API orapplication to communicate with the kernel for datatransmission/reception. The middleware may control or manage jobrequests from the applications (e.g., scheduling or load balancing). Forexample, the middleware may assign a priority to each job request forusing the system resources (e.g., bus 3010, processor 3020, or memory3030) of the electronic device 3000.

The API is an interface for an application to control the functionsprovided by the kernel or middleware and may include at least oneinterface or function (e.g., a command) for file control, windowcontrol, image processing, and character control.

The applications may include a data usage management application forsetting and displaying notification information of the presentdisclosure. The applications may also include an application provided bythe MNO. The applications may further include a messenger applicationthat provides a received message to the user.

The input/output interface 3040 may transfer commands or data input bythe user through an input/output means (e.g., a sensor, a keyboard, abutton, and/or a touchscreen) to the processor 3020, the memory 3030,and the transceiver 3060 through, e.g., the bus 3010. The input/outputinterface 3040 may provide a user's touch input data on the touchscreento the processor 3020. The input/output interface 3040 may outputcommands or data received from the processor 3020, the memory 3030, andthe transceiver 3060, via the bus 3010, to an input/output device (e.g.,a speaker or the display 3050). The input/output interface 3040 mayoutput speech data processed by the processor 3020 to the user throughthe speaker.

The display 3050 may include a liquid crystal display (LCD), a lightemitting diode (LED) display, an organic light emitting diode (OLED)display, a microelectromechanical system (MEMS) display, or anelectronic paper display.

The display 3050 may output various information (e.g., multimedia dataor text data) to the user.

Alternatively, the electronic device 3000 may be implemented without thedisplay 3050. For example, when the data usage is output as audible ortactile information through the input/output interface 3040 rather thanas visual information, the display 3050 may be omitted from theelectronic device 3000.

The transceiver 3060 can perform wireless communication between theelectronic device 3000 and the authentication server 3200 via a network3300.

Wireless communication may use a cellular communication technology basedon at least one of, e.g., 5G, Long Term Evolution (LTE), LTE-advanced(LTE-A), code division multiple access (CDMA), wideband CDMA (WCDMA),universal mobile telecommunications system (UMTS), wireless broadband(WiBro), and global system for mobile communications (GSM). Wirelesscommunication may also use, e.g., a wireless local area network (Wi-Fi),Bluetooth, Bluetooth low power (BLE), Zigbee, near field communication(NFC), magnetic secure transmission, radio frequency (RF), and a bodyarea network (BAN).

The eSIM module 3070 may store the subscriber profile received from theauthentication server 3200.

The transceiver 3060 may use the subscription information of thesubscriber profile stored in the eSIM module 3070 to access the MNOnetwork.

FIG. 12 illustrates an authentication server according to an embodimentof the present disclosure.

Referring to FIG. 12, the authentication server 1200 includes aprocessor 1210, a transceiver 1220, and a memory 1230.

The processor 1210 may include at least one of the profile generationmodule 2010, the provisioning support module 2020, and theauthentication module 2040, e.g., as illustrated in FIG. 10. Thetransceiver 1220 may correspond to the transceiver 2050 of FIG. 10. Thememory 1230 may correspond to the profile storage module 2030 of FIG.10.

The memory 1230 may store instructions used to control the processor1210.

The memory 1230 may store instructions that, when the authenticationserver 1200 operates, cause the processor 1210 to receive a deviceconfiguration request message for configuring a sharing target devicefrom an electronic device or the sharing target device through thetransceiver 1220; transmit, based on the device configuration requestmessage, an access code, which permits the sharing target device toaccess the authentication server 1200, to the electronic device or thesharing target device through the transceiver 1220; receive the accesscode from the sharing target device through the transceiver 1220; andtransmit, based on the received access code, a subscriber profile to thesharing target device.

The memory 1230 may store instructions that, when the authenticationserver 1200 operates, cause the processor 1210 to receive a deviceconfiguration request message for configuring a sharing target devicefrom the sharing target device through the transceiver 1220; transmit,in response to the device configuration request message, a deviceconfiguration verification request message for confirming configurationof the sharing target device to the electronic device through thetransceiver 1220; receive a device configuration verificationconfirmation message through the transceiver 1220 from the electronicdevice having verified the sharing target device based on the deviceconfiguration verification request message; and transmit, based on thereceived device configuration verification confirmation message, asubscriber profile to the sharing target device through the transceiver1220.

In the present disclosure, the operation and configuration of theauthentication server 1200 are not limited to the description of FIG.12, and may include the operation and configuration of the server orauthentication server in the embodiments described with reference toFIGS. 1 to 11.

FIG. 13 illustrates an electronic device permitting data sharingaccording to an embodiment of the present disclosure.

Referring to FIG. 13, the electronic device 1300 includes a processor1310, a transceiver 1320, and a memory 1330.

The processor 1310 may correspond to the processor 3020 of FIG. 11, thetransceiver 1320 may correspond to the transceiver 3060 of FIG. 11, andthe memory 1330 may correspond to the memory 3030 of FIG. 11.

The memory 1330 may store instructions used to control the processor1310.

The memory 1330 may store instructions that, when the electronic device1300 operates, cause the processor 1310 to transmit a deviceconfiguration request message for configuring a sharing target device,which is allowed to share at least a portion of the data usage amountassigned to the electronic device 1300, to an authentication serverthrough the transceiver 1320; receive, based on the device configurationrequest message, an access code permitting access to the authenticationserver from the authentication server through the transceiver 1320; andtransmit the received access code to the sharing target device throughthe transceiver 1320, so that the sharing target device can use theaccess code to receive a subscriber profile from the authenticationserver for receiving a mobile communication service. The subscriberprofile may include at least one of a phone number assigned to thesharing target device and information for limiting the usage of themobile communication service of the sharing target device.

The memory 1330 may store instructions that cause the processor 1310 totransmit, when a trigger signal is generated for replacing the existingsharing target device with a new sharing target device, the deviceconfiguration request message to the authentication server through thetransceiver 1320.

In the present disclosure, the operation and configuration of theelectronic device 1300 are not limited to the description of FIG. 13,and may include the operation and configuration of the electronic devicein the embodiments described with reference to FIGS. 1 to 11.

FIG. 14 illustrates a sharing target device that shares data usageaccording to an embodiment of the present disclosure.

Referring to FIG. 14, the sharing target device 1400 includes aprocessor 1410, a transceiver 1420, a memory 1430, and a profile storagemodule 1430.

The processor 1410 may correspond to the processor 3020 of FIG. 11, thetransceiver 1420 may correspond to the transceiver 3060 of FIG. 11, thememory 1430 may correspond to the memory 3030 of FIG. 11, and theprofile storage module 1430 may correspond to the eSIM module 3070 ofFIG. 11.

The memory 1430 may store instructions used to control the processor1410.

The memory 1430 may store instructions that, when the sharing targetdevice 1400 operates, cause the processor 1410 to receive an access codepermitting access to the authentication server from an electronic deviceor the authentication server through the transceiver 1420; transmit thereceived access code to the authentication server through thetransceiver 1420; receive, based on the access code, a subscriberprofile from the authentication server through the transceiver 1420;store the received subscriber profile in the profile storage module1430; and receive, based on the subscriber profile, a mobilecommunication service according to the amount of the data usage sharedwith the electronic device. The subscriber profile stored in the profilestorage module 1430 may include at least one of a phone number assignedto the sharing target device and information for limiting the usage ofthe mobile communication service of the sharing target device.

The memory 1430 may store instructions that, when the sharing targetdevice 1400 operates, cause the processor 1410 to transmit, through thetransceiver 1420, a device configuration request message for configuringthe sharing target device 1400, which is allowed to share at least aportion of the data usage amount assigned to an electronic device, to anauthentication server associated with the MNO managing data usage;receive, when authentication of the sharing target device 1400 isperformed between the electronic device and the authentication serverbased on the device configuration request message, a subscriber profilefrom the authentication server through the transceiver 1420; store thereceived subscriber profile in the profile storage module 1430; andreceive, based on the subscriber profile, a mobile communication serviceaccording to the amount of the data usage shared with the electronicdevice.

The memory 1430 may store instructions that cause the processor 1410 totransmit, when a trigger signal is generated for replacing the existingsharing target device with a new sharing target device, the deviceconfiguration request message to the authentication server through thetransceiver 1420.

In the present disclosure, the operation and configuration of thesharing target device 1400 are not limited to the description of FIG.14, and may include the operation and configuration of the sharingtarget device in the embodiments described with reference to FIGS. 1 to11.

FIG. 15 is a flowchart illustrating a procedure for an electronic deviceto configure a sharing target device according to an embodiment of thepresent disclosure.

Referring to FIG. 15, in step 1501, the electronic device transmits adevice configuration request message for configuring a sharing targetdevice, which is allowed to share at least a portion of the data usageamount assigned to the electronic device, to an authentication serverassociated with an MNO managing the data usage. For example, when atrigger signal is generated for replacing the existing sharing targetdevice with a new sharing target device, the electronic device maytransmit the device configuration request message to the authenticationserver.

In step 1503, based on the device configuration request message, theelectronic device receives an access code permitting access to theauthentication server from the authentication server.

In step 1505, the electronic device transmits the received access codeto the sharing target device, so that the sharing target device can usethe access code to receive a subscriber profile from the authenticationserver for receiving a mobile communication service.

FIG. 16 is a flowchart illustrating a procedure for a sharing targetdevice to receive a mobile communication service according to anembodiment of the present disclosure.

Referring to FIG. 16, in step 1601, the sharing target device receivesan access code, which permits access to an authentication serverassociated with an MNO managing the data usage, from an electronicdevice or the authentication server.

In step 1603, the sharing target device transmits the received accesscode to the authentication server.

In step 1605, based on the access code, the sharing target devicereceives a subscriber profile from the authentication server.

In step 1607, the sharing target device stores the received subscriberprofile in the profile storage module.

In step 1609, based on the stored subscriber profile, the sharing targetdevice receives a mobile communication service according to the amountof the data usage shared with the electronic device.

FIG. 17 is a flowchart illustrating a procedure for a sharing targetdevice to receive a mobile communication service according to anembodiment of the present disclosure.

Referring to FIG. 17, in step 1701, the sharing target device transmitsa device configuration request message for configuring a sharing targetdevice, which is allowed to share at least a portion of the data usageamount assigned to an electronic device, to an authentication serverassociated with an MNO managing the data usage. For example, when atrigger signal is generated for replacing the existing sharing targetdevice with a new sharing target device, the sharing target device maytransmit the device configuration request message to the authenticationserver.

When authentication of the sharing target device is performed betweenthe electronic device and the authentication server based on the deviceconfiguration request message, the sharing target device receives asubscriber profile from the authentication server in step 1703.

In step 1705, the sharing target device stores the received subscriberprofile in the profile storage module.

In step 1707, based on the stored subscriber profile, the sharing targetdevice receives a mobile communication service according to the amountof the data usage shared with the electronic device.

FIG. 18 is a flowchart illustrating a procedure for an authenticationserver to provide a subscriber profile according to an embodiment of thepresent disclosure.

Referring to FIG. 18, in step 1801, the authentication server receives adevice configuration request message for configuring a sharing targetdevice, which is allowed to share at least a portion of the data usageamount assigned to an electronic device, from the electronic device orthe sharing target device.

In step 1803, based on the device configuration request message, theauthentication server transmits an access code, which permits thesharing target device to access the authentication server, to theelectronic device or the sharing target device.

In step 1805, the authentication server receives the access code fromthe sharing target device.

In step 1807, based on the received access code, the authenticationserver transmits a subscriber profile to the sharing target device.

FIG. 19 is a flowchart illustrating a procedure for an authenticationserver to provide a subscriber profile according to an embodiment of thepresent disclosure.

Referring to FIG. 19, in step 1901, the authentication server receives adevice configuration request message for configuring a sharing targetdevice, which is allowed to share at least a portion of the data usageamount assigned to an electronic device, from the sharing target device.

In step 1903, based on the device configuration request message, theauthentication server transmits a device configuration verificationrequest message for confirming configuration of the sharing targetdevice to the electronic device.

When the configuration of the sharing target device is verified by theelectronic device based on the device configuration verification requestmessage, the authentication server receives a device configurationverification confirmation message from the electronic device in step1905.

In step 1907, based on the received device configuration verificationconfirmation message, the authentication server transmits a subscriberprofile to the sharing target device.

At least a part of the devices (e.g., modules or functions) or themethods (e.g., operations and steps) according to the variousembodiments described above may be implemented as instructions in theform of a program module, which can be stored in a computer readablestorage medium. When the instructions are executed by a processor (e.g.,a processor 3020), the processor may carry out functions correspondingto the instructions. The computer readable storage medium may be thememory 130.

Program modules may be stored in a non-transitory computer readablemedium and can be read and executed by a computer.

A non-transitory storage medium refers to a medium that semi-permanentlystores data and is readable by a processor, and may include a volatileor nonvolatile memory that temporarily stores data for computation ortransmission, such as a register, cache, or buffer. However, intangibletransmission media such as signals or currents are not a non-transitorystorage media.

For distribution, the program modules described above may be stored in anon-transitory storage medium, such as a compact disc (CD), a DVD, ahard disk, a Blu-ray disc, a universal serial bus (USB), an internalmemory of an electronic device of the present disclosure, a memory card,a ROM, or a RAM.

The program modules described above may be stored in the memory of aserver and be downloaded to a terminal (e.g., an electronic device ofthe present disclosure) connected to the server via a network for sale,rental, offer, or transfer. The program modules may be uploaded to theserver for sale, rental, offer, or transfer by the program provider(e.g., a program developer, a manager, a tester, a modifier, or amanufacturer).

When the program modules are provided to an electronic device, at leasta portion of the program modules may be temporarily stored in a bufferof the server for transmission. The buffer of the server may be anon-transitory storage medium of the present disclosure.

When the program modules are provided to an electronic device for salevia a relay server (e.g., a relay server in a region in which theelectronic device is located), at least a portion of the program modulesmay be temporarily stored in the buffer of the relay server. The bufferof the relay server may be a non-transitory storage medium of thepresent disclosure.

In addition, the method (e.g., steps and operations) according to anembodiment of the present disclosure may be provided as a computerprogram product.

The computer program product may include a non-transitory storage mediumin which the program modules described above are stored.

The computer program product may refer to a product itself that may bestored in a non-transitory storage medium. The fact that a computerprogram product includes a non-transitory storage medium may indicatethat it is possible for the computer program product to take the form ofa non-transitory recording medium. That is, the computer program productmay take the form of a medium that can be uploaded or downloaded or takethe form of a non-transitory recording medium according to thesituations. Here, the product can be an application itself sold in anelectronic marketplace (e.g., Android™ market).

An execution agent and a storage agent of a computer program product maybe the same or different from each other. For example, the storage agentof the computer program product may be a server, and the execution agentthereof may be a terminal.

There may be a system that includes both a computer program product andan electronic device capable of executing a function of the computerprogram product. In this case, the electronic device may carry out afunction provided by the computer program product under the control ofanother device in which the computer program product is installed.

While the present disclosure has been particularly shown and describedwith reference to certain embodiments thereof, it will be understood bythose of ordinary skill in the art that various changes in form anddetails may be made therein without departing from the spirit and scopeof the present disclosure as defined by the following appended claimsand their equivalents.

What is claimed is:
 1. A method performed by an electronic device toconfigure a sharing target device for data sharing, the methodcomprising: transmitting, to an authentication server associated with amobile network operator for managing data usage, a device configurationrequest message for configuring the sharing target device to share adata usage amount assigned to the electronic device, the deviceconfiguration request message including an identifier of the sharingtarget device and information on a data amount to be shared for thesharing target device; receiving, from the authentication server, inresponse to the device configuration request message, an access codepermitting access to the authentication server; and transmitting thereceived access code to the sharing target device, wherein a subscriberprofile to be installed in an embedded universal integrated circuit card(eUICC) of the sharing target device is generated in case that anauthentication is completed between the sharing target device and theauthentication server based on the access code, wherein the subscriberprofile is used for sharing the data usage amount assigned to theelectronic device, and wherein the access code includes at least one ofinformation requesting assignment of a portion of the data usage amountassigned to the electronic device, and information identifying theelectronic device.
 2. The method of claim 1, wherein the deviceconfiguration request message is transmitted to the authenticationserver, in case that a trigger signal is generated for replacing anexisting sharing target device with the sharing target device.
 3. Themethod of claim 1, wherein the subscriber profile comprises at least oneof: a phone number assigned to the sharing target device; andinformation for limiting usage of a mobile communication servicereceived by the sharing target device.
 4. A method performed by asharing target device to share a data usage amount assigned to anelectronic device, the method comprising: receiving an access code,which permits access to an authentication server associated with amobile network operator managing data usage, from the electronic deviceor the authentication server; transmitting the received access code tothe authentication server; receiving, based on the access code, asubscriber profile from the authentication server; installing thereceived subscriber profile in an embedded universal integrated circuitcard (eUICC) of the sharing target device; and using, based on thestored subscriber profile, the data usage amount assigned to theelectronic device, wherein a device configuration request messageincluding an identifier of the sharing target device and information ona data amount to be shared for the sharing target device is transmittedfrom the electronic device to the authentication server for obtainingthe access code, wherein the subscriber profile is generated in casethat an authentication is completed between the sharing target deviceand the authentication server based on the access code, and wherein theaccess code includes at least one of information requesting assignmentof a portion of the data usage amount assigned to the electronic device,and information identifying the electronic device.
 5. The method ofclaim 4, wherein the subscriber profile comprises at least one of: aphone number assigned to the sharing target device; and information forlimiting usage of a mobile communication service received by the sharingtarget device.
 6. A method for an authentication server associated witha mobile network operator to provide a subscriber profile, the methodcomprising: receiving, from an electronic device, a device configurationrequest message for configuring the sharing target device to share adata usage amount assigned to the electronic device, the deviceconfiguration request message including an identifier of the sharingtarget device and information on a data amount to be shared for thesharing target device; transmitting, in response to the deviceconfiguration request message, an access code, which permits the sharingtarget device to access the authentication server, to the electronicdevice or the sharing target device; receiving the access code from thesharing target device; generating the subscriber profile to be installedin an embedded universal integrated circuit card (eUICC) of the sharingtarget device in case that an authentication is completed between thesharing target device and the authentication server based on the accesscode; and transmitting the subscriber profile to the sharing targetdevice, wherein the subscriber profile is used for sharing the datausage amount assigned to the electronic device, and wherein the accesscode includes at least one of information requesting assignment of aportion of the data usage amount assigned to the electronic device, andinformation identifying the electronic device.
 7. An electronic devicecapable of sharing a data usage amount assigned to the electronic devicewith a sharing target device, the electronic device comprising: atransceiver; and a hardware processor configured to: transmit, to anauthentication server via the transceiver, a device configurationrequest message for configuring the sharing target device to share thedata usage amount assigned to the electronic device, the deviceconfiguration request message including an identifier of the sharingtarget device and information on a data amount to be shared for thesharing target device; receive, from the authentication server via thetransceiver, in response to the device configuration request message, anaccess code permitting access to the authentication server; and transmitthe received access code to the sharing target device via thetransceiver, wherein a subscriber profile to be installed in an embeddeduniversal integrated circuit card (eUICC) of the sharing target deviceis generated in case that an authentication is completed between thesharing target device and the authentication server based on the accesscode, wherein the subscriber profile is used for sharing the data usageamount assigned to the electronic device, and wherein the access codeincludes at least one of information requesting assignment of a portionof the data usage amount assigned to the electronic device, andinformation identifying the electronic device.
 8. The electronic deviceof claim 7, wherein the device configuration request message istransmitted to the authentication server in case that a trigger signalis generated for replacing an existing sharing target device with thesharing target device.
 9. The electronic device of claim 7, wherein thesubscriber profile comprises at least one of: a phone number assigned tothe sharing target device; and information for limiting usage of amobile communication service received by the sharing target device. 10.A sharing target device that shares a data usage amount assigned to anelectronic device, the sharing target device comprising: a transceiver;an embedded universal integrated circuit card (eUICC); and a hardwareprocessor configured to: receive, from the electronic device or theauthentication server via the transceiver, an access code permittingaccess to the authentication server; transmit the received access codeto the authentication server via the transceiver; receive, based on theaccess code, a subscriber profile from the authentication server via thetransceiver; install the received subscriber profile in the eUICC; anduse, based on the stored subscriber profile, the data usage amountassigned to the electronic device, wherein a device configurationrequest message including an identifier of the sharing target device andinformation on a data amount to be shared for the sharing target deviceis transmitted from the electronic device to the authentication serverfor obtaining the access code, wherein the subscriber profile isgenerated in case that an authentication is completed between thesharing target device and the authentication server based on the accesscode, and wherein the access code includes at least one of informationrequesting assignment of a portion of the data usage amount assigned tothe electronic device, and information identifying the electronicdevice.
 11. The sharing target device of claim 10, wherein thesubscriber profile comprises at least one of: a phone number assigned tothe sharing target device; and information for limiting usage of amobile communication service received by the sharing target device. 12.An authentication server associated with a mobile network operator, theauthentication server comprising: a transceiver; and a hardwareprocessor configured to: receive, from the electronic device via thetransceiver, a device configuration request message for configuring thesharing target device to share a data usage amount assigned to theelectronic device, the device configuration request message including anidentifier of the sharing target device and information on a data amountto be shared for the sharing target device; transmit, to the electronicdevice or the sharing target device via the transceiver, in response tothe device configuration request message, an access code, which permitsthe sharing target device to access the authentication server; receivethe access code from the sharing target device via the transceiver;generate the subscriber profile to be installed in an embedded universalintegrated circuit card (eUICC) of the sharing target device in casethat an authentication is completed between the sharing target deviceand the authentication server based on the access code; and transmit thesubscriber profile to the sharing target device, wherein the subscriberprofile is used for sharing the data usage amount assigned to theelectronic device, and wherein the access code includes at least one ofinformation requesting assignment of a portion of the data usage amountassigned to the electronic device, and information identifying theelectronic device.